Hacked iTunes Accounts Are Being Sold in China

By , Jan 14, 2011

The Global Times recently discovered that over 50,000 illegal iTunes accounts are being offered for purchase in China. Potential buyers are promised access to purchase iTunes content for free; amounting to seven times the amount paid.

Toaboa.com, China’s largest consumer auction site, is offering hacked iTunes accounts with stolen credit card and contact information to potential customers. These accounts are registered by real people with real personal information, but this blatant form of organized crime has (so far) gone unpunished.

At prices of 1-200 yuan (about $30 a pop), these hacked accounts are distributed through the iTunes login credentials associated with the account’s payment information…

When a compromised account is sold by Toaboa, the buyer receives the login information for that hacked account. The only restriction is that all purchases must be made with the account within 24 hours of the transaction with Toaboa.com. This measure is to ensure that the illegal account is not closed by iTunes before purchases are made.

The auction site shows that thousands of hacked accounts have been sold over the past several months. The Global Times reports,

“Of course these accounts are hacked, otherwise how could they be so cheap?” a customer service representative of one of the online stores admitted to the Global Times.

He assured that the hacked accounts were safe to use due to the legitimate holders being located abroad, but he warned that the accounts needed to be used as quickly as possible. He refused to comment on the methods used to obtain the accounts.”

The Global Times consulted with a Chinese IT expert who helped shed some light on how these iTunes accounts were possibly compromised,

“Xu Yuanzhi, a Chongqing-based IT expert who has been following the case, told the Global Times that hackers either directly hack iTunes accounts owned by foreign users or steal the details of overseas credit cards, which are then used to register several iTunes accounts for purchases.”

Apple’s iTunes is the world’s largest music retailer, with over 150 million credit cards on file. There’s definitely plenty of hacking to be done, but this blatantly public display of crime can only go on for so long before authorities are involved. The Global Times says,

“Cai Haining, deputy director of the Committee for Information Network and High-Tech with the Lawyers’ Association of China, told the Global Times that Taobao should shoulder joint responsibility for its failure to supervise the legitimacy of products being sold on its website.

“It should require sellers to stop selling products if they are found to be illegal, or it should take the blame,” Cai said.”

Apple has declined to comment on this problem. However, a customer representative at Apple China said that Apple is only offering technical support at this time and suggested that iTunes account holders, “better safeguard their account information.”

This is not the first time that iTunes accounts have been exploited, there was a similar problem in July 2010 with reports of iTunes accounts being hacked to purchase media. This Toaboa incident is the most widespread and public display of such a problem.

What do you think about this? Hopefully this criminal activity will be ended soon. I’m sure Apple is working as fast as they can to improve the security of their iTunes infrastructure and pursue legal action.

UPDATE: Reader Simon has informed us that Toaboa has in fact stopped selling hacked iTunes accounts in light of all of the media coverage it has received. PCMAG reports,

“We received some complaints from customers that bought the accounts in question, and in the name of protecting our customers we decided to take all the listings purporting to sell existing accounts down,” said John Spelich, VP of International Corporate Affairs at parent group Alibaba.”

[via ZDNet]

  • Share:
  • Follow:

  • I think Taobao has already removed the illegal iTunes account, in reference to PC Magazine.

  • that’s theft, i don’t really like or agree with that

  • Burge

    First thing to do is change passwords …no content can be downloaded without a password being typed in …or you can turn of the use of credit cards ( like I have ) and use the iTunes gift cards ( like I do ) …

  • Burge

    Just wondering .. If that’s was your account and your iPhone ia jailbroke .. Would or have you used or still use cracked apps ? Theft is theft .. And you would not be happy if it was your account would you ?

  • Chris

    My account appears to be one of these 50K stolen and sold. Fortunately, I also use gift cards but had an outstanding balance of about $20 which they used all but sixty cents of. Highly annoyed, I do not use links in emails asking for log in information and I do not have an iPhone or any other device that uses Apple applications (which was purchased on my account) so I cannot comprehend how they got my information.

    • Justin

      That sucks that you are a victim of this. Your post makes me curious, how did you come across this site if you don’t have an iPhone or other app using device?

      • Chris

        I googled “iTunes hacked accounts” when I realized all was not right with my account. This site was one of the first links listed. Since my original post, Apple has reinstated the store credit that was used against my account while it was high jacked. It was pretty painless and they were very quick to respond. I also noticed an extra computer had been authorized so I submitted a ticket about this problem as well. I did not have five computer authorized so I could not do it myself. Again, Apple was very responsive and this was taken care of within 12 hrs.

  • sadf

    They are on ebay too. I was looking into prices for gift cards in order to sell mine, and kept finding these offers for itunes account details that had to be used w/in 24 hours, so obviously hacked. Go figure, within 24 hours this story comes up.

  • Thomas

    It’s stuff like this that makes me mad that Apple requires us to have a credit card on our account. I haven’t, nor do I plan to, buy anything. I hate them having it because if I accidentally tap something I may be charged for it!

    • Justin

      A credit card on file is not required. I do not have one. When my iTunes account is getting low, I take a handful of spare change to a coinstar machine where I can turn my change into an iTunes gift card. It’s pretty easy. And since I usually have under $5 on my account, I’m not going to lose much.

  • Pirates Suck

    I think Burge is definitely one of the best posters here hands down. Completely agree sir!

  • Stew

    My account was hacked as well… I sure would like to know how as I am very careful online, never clicking links in emails or divulging personal info (like passwords and account names). I run spyware scanners and antivirus programs, don’t download illegal music or movies. They got hold of my account and cleaned out $60 worth of gift cards that I had put on the account (cards were my sons, he got them for his birthday). I’m just praying that they didn’t get my credit card info. Looks to me that this breach is probably on the Apple side, though they would never admit that (heck, I can’t blame them… Bad for business). Oh, my phones not jailbroken or unlocked either. Kind of soured me on the whole Apple/iTunes thing. I think when my contract is up I’ll get a droid phone.

  • Jordan!!!

    I have just looked at my email account and i have recived a receipt from apple saying that i have been billed £25 for a monthy gift for a random chinese email address. I assume that my account has been hacked like many others. I have changed my itunes password i was just wondering what i should do next?

  • Stolen from

    My wife was also a victim of this nonsense. She had a $25 gift card from me that she was using, but did not have any credit card information on file. Her e-mail today notified her of $50 dollars in charges, followed by another set of charges totalling $20, all charged to ‘store credit’. I also noticed a second machine was authorized on her account. It’s a shame I will never find out who specifically did this, local or international. Because if I did, I would find them and give them the beating of a lifetime for stealing from me.

  • Phil McNamee

    My Itunes Account was hacked and they stole $200 worth of ” itunes allowances”. This is a feature in itunes that allows you to provide an allowance to anyone you want. IE your kids in college or ?. I received 4 notifications via Paypal that $50 purchases were made via Itunes. I immediately logged into my apple account and changed the password. I reported it to apple on Thursday 2/17 and no resolution yet. Here is the email I received from Apple:

    Dear XXX(me),

    Thank you for contacting iTunes Store customer support. This is Bxxxx and I’ll be assisting you today. I understand that you are seeing unauthorized charges on your account.

    Finding a solution for you is very important to me, so I have requested assistance with the issue you reported. You will receive an email after the matter has been investigated and further information is available.

    Thank you for your patience. Apple wants your iTunes experience to be as enjoyable as possible. I hope you understand.

    Sincerely,

    BXXXX
    iTunes Store Customer Support